CBA 2026-02: ~A$1B in suspected fraudulent mortgages[1]

Forensic mortgage
fraud detection.

A five-module rule engine for detecting AI-generated payslips, forged bank statements, and invalid ABNs in Australian mortgage applications. Forty-six rules, each cited. Every flag drills to a SHA-256 evidence ledger retained seven years per APRA CPG 234.

Open the worked specimens Methods paper (PDF)

Independent project by Macdara from Perth. Source available on request.

Case . TRU-2026-04812

submitted 09:14 AEST

Payslip does not reconcile
to MYOB producer signature

Applicant A. R. (redacted) . loan $612.5k . via AGG-118-4421

CRITICAL . 82

82/100

PM-007Payslip producer signature seen on three prior unrelated applicationsCRITICAL

IA-002Net pay does not equal gross minus PAYG . off by $47.20CRITICAL

PM-002PDF object stream lacks the producer hash expected from MYOBHIGH

NC-003Same employer ABN appears on 5 applications by this broker in 11 daysCRITICAL

ledger TRU-2026-04812 . retained 7y per APRA CPG 2344 flags

REJECT

TRU-2026-04812

Detection modules: 5
Cited rules: 46
Regulatory frame: APRA CPG 234
Worked specimens: 5

01 — How it works

How a case moves through the engine.

Four steps, no black box. Documents go in; a scored verdict and a citable evidence packet come out.

A case arrives

Payslip, bank statement, employer letter, application form. Every file is hashed with SHA-256 before a single rule reads it.

POST /v1/cases, or via LOS connector

Five modules read it

Producer, identity, arithmetic, employer, network. Each runs its own rules against the source PDFs, independently. No shared black-box score.

46 cited rules across 5 modules

Highest module wins

The case score is the single highest module score, never an average. One Critical module makes a Critical case. Every flag drills to the rule and the byte.

Disagree? See the next-highest

Signed evidence packet

The verdict ships with the rules that fired, the field each one read, and a citation for every rule. Written to a WORM ledger.

AES-256 . AU residency . 7-year retention

02 — What it measures

Producer, identity, arithmetic.

Trutina reads the PDF as a forensic file before it reads it as a document. Three of the four properties cost the borrower nothing to produce honestly; the fourth, arithmetic, cannot be faked without leaving a trace.

01 · PM

Producer metadata

PM-001 to PM-014 · 14 rules

Producer string mismatch. Asserted MYOB, found macOS Pages. Signature shared with 3 cases.

02 · IC

Identity coherence

IC-001 to IC-009 · 9 rules

Payslip BSB 062-001 vs bank statement BSB 062-006. Branch mismatch.

03 · IA

Income arithmetic

IA-001 to IA-011 · 11 rules

Gross minus PAYG should equal net. Off by $47.20.

04 · EV

Employer verification

EV-001 to EV-007 · 7 rules

Employer ABN cancelled 2024-08-12. No BAS lodged since 2024-Q2.

05 · NC

Network clustering

NC-001 to NC-005 · 5 rules

Font subset hash appears in 4 cases across one broker in 60 days.

03 — Worked specimens

Five redacted Australian cases.

Clean applications next to fabricated ones, all submitted through Australian broker channels. Each shows the source PDFs, the rules that fired, and the audit packet produced. No sign-in. Read-only. Synthetic data.

Open the specimens →

04 — Methods & integration

How a deployment receives a case.

The shape of a working LOS integration: POST a case bundle, receive a verdict and an evidence packet. AU data residency, AES-256, seven-year ledger. This portfolio site does not run the engine against uploaded files.

POST https://api.trutina.com.au/v1/cases
Authorization: Bearer sk_live_…
Content-Type:  application/json

{
  "case_ref":  "WBS-2026-04-08-00128",
  "applicant": { "name_hash": "sha256:9a4…" },
  "documents": [
    { "kind": "payslip",        "uri": "s3://…", "sha256": "7f2a91…" },
    { "kind": "bank_statement", "uri": "s3://…" },
    { "kind": "employer_letter","uri": "s3://…" }
  ],
  "webhook": "https://example.com.au/los/webhooks/trutina"
}

# 200 OK
{ "case_id": "TRU-2026-04812", "score": 78, "tier": "critical" }

05 — Engagements

Available for genuine enquiries.

The engine, rule library, and audit packet design are available for assessment by Australian lenders, aggregators, and credit-risk teams. Bespoke engagements, not a SaaS subscription. Source and methods paper on request.

Email me about an engagement

Replies within 48 hours from Perth (AWST).

06 — Citations

References

[1]Commonwealth Bank of Australia, half-year results February 2026. Self-reported A$1B exposure to suspected fraudulent mortgage applications via broker channels.

[2]NAB "Penthouse Syndicate" matter, charged 2025. ~A$105M exposure across fabricated payslip applications.

[3]APRA Prudential Practice Guide CPG 234 (Information Security), November 2019.

[4]Australian Privacy Principle 11, Privacy Act 1988.

[5]Producer string field, ISO 32000-1:2008, table 317.

[6]ATO Super Guarantee rate schedule. 11.5% from 2024-07-01. 12.0% from 2025-07-01.

Forensic mortgagefraud detection.